Network Security Assessment: Know Your Network [Paperback]

NSA begins with the almost obligatory reference to the king of assessment books, "Hacking Exposed" (HE), saying "I leave listings of obscure techniques to behemoth 800-page 'hacking' books." I don't think some of the techniques covered in HE but not NSA are "obscure." Noticably lacking in NSA is coverage of dial-up techniques, wireless insecurities, Novell vulnerabilities, and attacking clients rather than servers. Should NSA receive a second edition, I expect to see the book expand closer to the "behemoth" it seems to deride.

The best chapter by far was ch. 11, where the author with assistance from Michael Thumann takes the reader on a tour of exploiting vulnerable code. The stack diagrams and code snippets were especially helpful and the explanations were clear enough. This sort of material is a solid introduction to some of the techniques found in "Security Warrior." I also liked ch. 14, where the author explains a sample assessment using the tools already introduced. Kudos as well for maintaining an errata page and tool archive on the publisher's Web site.

The advantage NSA has over HE is the variety of tools on hand. I learned of at least a dozen tools not mentioned elsewhere. The author seems to be thorough while listing various exploitable flaws from the last several years. While the prose is well-written, I believe the HE series does a better job communicating fundamentals of the underlying technology. In other words, HE gives better explanations of 'what' we are compromising, while "NSA" prefers to concentrate more on the compromising itself. This technology education aspect of the HE series has always been its strong point. For example, there's no need to read a 500 page book on Microsoft FrontPage to understand the problems with it when a quick look in a HE book explains the technology's basics as well as its security flaws.

It's been over a year since the 4th edition of HE was published, so I recommend buying NSA to freshen your assessment skills. For the scenarios it does cover, which include most UNIX and Windows Internet-based attacks, it is thorough and accurate. Combined with O'Reilly's "Security Warrior," NSA presents an updated picture of the assessment scene.

The book is mostly fun to read (especially when the author is picking on the CIA in his remote information gathering activities). Sometimes though it boils down to listings of known vulnerabilities, some dated, going back to the times of RedHat 5.x and public exploit references. The coverage is pretty comprehensive, includes UNIX and Windows platforms and applications as well as VPN (but not network devices and wireless). I also liked his description of information gathering activities. The book covers most of the commonly used tools such as "nmap" (covering some of the relatively lesser known details of this scanner) as well as touches upon some of the less common such as "scanrand"). Every chapter ends with a brief summary of possible countermeasures to the activities in the chapter.

The book is definitely recommended to people new to the whole security assessment area. I suspect that those involved in the field will pick up some new things as well. For example, I liked that the author emphasizes various brute-forcing tools that can be as handy as the actual exploits when attacking a networked service. Also, I learned a new approach for picking up an internal IP address from behind the NAT by watching for certain ICMP packets.

Anton Chuvakin, Ph.D., GCIA, GCIH is a Senior Security Analyst with a major security information management company. He is the author of the book "Security Warrior" (O'Reilly, 2004) and a contributor to "Know Your Enemy II' (AWL, 2004). His areas of infosec expertise include intrusion detection, UNIX security, forensics, honeypots, etc. In his spare time, he maintains his security portal info-secure.org